<?php
include 'DBManager.class.php';

$title=mysql_escape_string( $_POST['title'] );
$year = mysql_escape_string( $_POST['year'] );
$released = mysql_escape_string( $_POST['released'] );
$rated = mysql_escape_string( $_POST['rated'] );
$genre =  isset ($_POST['genre']) ? $_POST['genre'] : 'noGenre';
$director = mysql_escape_string( $_POST['director'] );
$writer = mysql_escape_string( $_POST['writer'] );
$actors = mysql_escape_string( $_POST['actors'] );
$plot = isset ($_POST['plot']) ?  mysql_escape_string( $_POST['plot'] ) : 'N/A';
$cover = 'N/A';
$runtime = mysql_escape_string( $_POST['runtime'] );
$genreStr = '';
if ($genre == 'noGenre')
	$genre ='N/A';
else
	foreach($genre as &$k){ 
		$genreStr .= $k.", ";
	}
	
if(strlen($genreStr)>2)	
	$genreStr =  substr( $genreStr, 0, strlen($genreStr)-2);

if(strlen($genreStr)<=0){
	$genreStr = 'N/A';
}

if ($_FILES["cover"]["error"] > 0)
  {
  	$cover = 'N/A';
  }
else
  {
	  move_uploaded_file($_FILES["cover"]["tmp_name"],"../../images/" . $_FILES["cover"]["name"]);
	  $cover = "images/" . $_FILES["cover"]["name"];
  }

$originId=$_POST['id'];
$db = new DBManager ( 'localhost',  'root',  '',  'iumus' );


	
	$query="UPDATE movie SET title='".$title."', year='".$year."', rated='".$rated."', released='".$released."', genre='".$genreStr."', director='".$director."', writer='".$writer."', actors='".$actors."', plot='".$plot."', cover='".$cover."', runtime='".$runtime."' WHERE id = '".$_POST['id']."';";
	$db->executeQuery ($query);

header ("Location: ../../wp-admin/index.php");
?>